package example.hellosecurity.example.config;

import example.hellosecurity.example.handler.MyAccessDeniedHandler;
import example.hellosecurity.example.handler.MyForwardAuthenticationSuccessHandler;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authorization.AuthenticatedAuthorizationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

/**
 * @ClassName WebSecurityConfig
 * @Describtion:
 * @Author:Chenc
 * @Date:2024/1/16 14:15
 * @Version 1.0
 */
@EnableWebSecurity
@Configuration
public class WebSecurityConfig {

    @Autowired
    MyAccessDeniedHandler myAccessDeniedHandler;
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
                .authorizeHttpRequests((requests) -> requests
                        .requestMatchers("/","/home","/error").access(AuthenticatedAuthorizationManager.anonymous())
                        .requestMatchers("/hello/**").hasRole("vip0")
                        .requestMatchers("/hello/**").hasAnyAuthority("Maths")
                        .requestMatchers("/hello1/**").hasRole("vip1")
                        .requestMatchers("/hello2/**").hasRole("vip2")
                        .requestMatchers("/adminInfo").hasAnyAuthority("Maths")
                                .anyRequest().access("@MyService")
//                        .requestMatchers("/sss").hasip[] ??
                        .anyRequest().authenticated()

                )
                .formLogin((form) -> form
                        .usernameParameter("username123")//同表单字段
                        .passwordParameter("password111")//同表单字段
                        .loginPage("/login")
                        .loginProcessingUrl("/login")
                        .successForwardUrl("/home")//需要post请求
//                        .successHandler(new MyForwardAuthenticationSuccessHandler("http://www.baidu.com"))

                        .failureForwardUrl("/toerror")
                        .permitAll()
                )

                .logout((logout) -> logout.permitAll())
                .csrf().disable()
                //TODO  方法过时 需要找到取代方法
                .exceptionHandling().accessDeniedHandler(myAccessDeniedHandler)
        ;

        return http.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {


        return new InMemoryUserDetailsManager(
                User.withUsername("root")
                        .password(passwordEncoder().encode("123456"))
                        .roles("vip0","vip1","vip2")
                        .build(),
                User.withUsername("user1")
                        .password(passwordEncoder().encode("123456"))
                        .roles("vip0","vip1")
                        .build(),
                User.withUsername("user2")
                        .password("123456")
                        .passwordEncoder(passwordEncoder()::encode)
                        .authorities("Maths","English")
                        .roles("vip0","vip2")
                        .build());

    }

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }



}
